← Back to team overview

freeipa team mailing list archive

[Bug 1769440] Re: freeipa server install fails - Configuring the web interface, setting up ssl

 

In syslog there is this:

May  6 20:18:01 usrv1 named-pkcs11[25219]: ../../../lib/dns-pkcs11/view.c:962: REQUIRE(view->zonetable != ((void *)0)) failed, back trace
May  6 20:18:01 usrv1 named-pkcs11[25219]: #0 0x55ceb0cb4cc0 in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: #1 0x7f4ae89007fa in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: #2 0x7f4ae93122aa in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: #3 0x55ceb0cd2a77 in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: #4 0x55ceb0c967d1 in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: #5 0x55ceb0cdf309 in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: #6 0x55ceb0ce0f33 in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: #7 0x7f4ae8927b59 in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: #8 0x7f4ae7ea16db in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: #9 0x7f4ae75d588f in ??
May  6 20:18:01 usrv1 named-pkcs11[25219]: exiting (due to assertion failure)

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1769440

Title:
  freeipa server install fails - Configuring the web interface, setting
  up ssl

Status in freeipa package in Ubuntu:
  New

Bug description:
  Setting up FreeIPA server fails at "Configuring the web interface",
  step 12/21

  It's in a cleanly started LXC Ubuntu Bionic container. The
  ppa:freeipa/ppa is also used to get tomcat 8.5.30-1ubuntu1.2

  Configuring the web interface (httpd)
    [1/21]: stopping httpd
    [2/21]: backing up ssl.conf
    [3/21]: disabling nss.conf
    [4/21]: configuring mod_ssl certificate paths
    [5/21]: setting mod_ssl protocol list to TLSv1.0 - TLSv1.2
    [6/21]: configuring mod_ssl log directory
    [7/21]: disabling mod_ssl OCSP
    [8/21]: adding URL rewriting rules
    [9/21]: configuring httpd
    [10/21]: setting up httpd keytab
    [11/21]: configuring Gssproxy
    [12/21]: setting up ssl
    [error] RuntimeError: Certificate issuance failed (CA_REJECTED)
  ipapython.admintool: ERROR    Certificate issuance failed (CA_REJECTED)
  ipapython.admintool: ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

  and in the log there is

  2018-05-05T20:37:29Z DEBUG stderr=
  2018-05-05T20:37:29Z DEBUG step duration: httpd configure_gssproxy 1.09 sec
  2018-05-05T20:37:29Z DEBUG   [12/21]: setting up ssl
  2018-05-05T20:37:33Z DEBUG certmonger request is in state dbus.String(u'GENERATING_KEY_PAIR', variant_level=1)
  2018-05-05T20:37:38Z DEBUG certmonger request is in state dbus.String(u'CA_REJECTED', variant_level=1)
  2018-05-05T20:37:42Z DEBUG Traceback (most recent call last):
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 555, in start_creation
      run_step(full_msg, method)
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 541, in run_step
      method()
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/httpinstance.py", line 376, in __setup_ssl
      passwd_fname=key_passwd_file
    File "/usr/lib/python2.7/dist-packages/ipalib/install/certmonger.py", line 320, in request_and_wait_for_cert
      raise RuntimeError("Certificate issuance failed ({})".format(state))
  RuntimeError: Certificate issuance failed (CA_REJECTED)

  2018-05-05T20:37:42Z DEBUG   [error] RuntimeError: Certificate issuance failed (CA_REJECTED)
  2018-05-05T20:37:42Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in exec
  ute
  ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440/+subscriptions


References